SSH Client Proxy Sessions

Now its time to make your Administrators, Developers and Contractors happy too.

  1. Open your local SSH client (we will use PuTTY in our example but most other SSH clients function similarly) and create a new session

  2. In the Host Name field, enter the hostname of your PAM server (for example: xtam.company.com)

  3. In the Port field, enter the port number you assigned in the PAM configuration from the previous section (default port in PAM is 2022)

  4. For the Connection Type, select SSH.

  5. Save the session and then Open the SSH connection

     

  6. SSH-PuTTY-Host

  7. When PuTTY prompts for a login as account, enter a user string as described below:

  8.  

    If you do not know the record ID or Name, you can access the PAM SSH Proxy Interface to display and select from a list of available records for connection. You can access this Proxy Interface simply by not specifying a record ID or Name. For additional information, please read the PAM SSH Proxy Interface article.

     

    YourXTAMLoginName#XTAMrecordName or YourXTAMLoginName#XTAMrecordID

    For example, if your login to PAM was the username bwilliams and the PAM record that contains the SSH details has the name Unix Production Server and ID 41603, then the login string would be bwilliams#Unix Production Server or bwilliams#41603

    When using the record Name to define the connection string, the record Name must be unique in PAM. If the name is not unique, the connection will fail and you should use its record ID instead.

     

    SSH-PuTTY-LoginAs

     

    A # (hash), % (percent) or : (colon) character may be used as a separator between the login and recordID values.

    The record’s ID can be found in the URL when viewing the record’s Details (https://xtam.company.com/xtam/records/record_view/41603/type)

  9. Press your Enter key
  10. You will now observe an Authentication Banner is displayed to illustrate that the session is being provided via the PAM Secure Shell Proxy
  11.  

    SSH-PuTTY-AuthBanner

     

  12. At the Password prompt, enter the password for your PAM login
  13. SSH-PuTTY-Password

    If you are using MFA, please enter your MFA token at the prompt to continue.

    PAM-SSH-Proxy-MFA-Prompt

     

  14. Press your Enter key to complete the authentication process
  15.  

  16. After a few moments, you will be connected to the remote SSH endpoint using the secured connection details in the referenced PAM record.
  17.  

    SSH-PuTTY-ActiveSession

     

  18. To confirm that the session is being provided via PAM, you can navigate to the Session tab of this record and note that there is now an Active session using this record. You can also execute commands in the PuTTY session and see them appear in the PAM event log.

 

SSH-Session-Event-Log

Example using Command or Terminal Prompt

PAM-SSH-Connection-Terminal

Example using SecureCRT

PAM-SSH-Connection-SecureCRT

Example using WinSCP

PAM-SSH-Connection-WinSCP

< Creating secure SSH records in PAM